GA/T 699-2007 English PDF
Basic data
Standard ID: GA/T 699-2007 (GA/T699-2007)
Description (translated English): Information security technology - Communication exchange criterion for alert of computer network intrusion
Sector / Industry: Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard: A90
Classification of International Standard: 35.240
Word Count Estimation: 29,213
Date of Issue: 2007-05-14
Date of Implementation: 2007-07-01
Quoted Standards: GB/T 2260; GB 2312-1980; GB 18030-2000; GA/Z 02-2005; GA/T 700-2007
Issuing agency: Ministry of Public Security
Summary: This standard specifies the interface element definitions, storage format, naming conventions and alarm process used by a network intrusion detection system to report to the alarm disposal system. It applies to the development and construction of alarm disposal systems; developers and integrators of such systems may refer to it.

GA/T 699-2007: Information security technology - Communication exchange criterion for alert of computer network intrusion (draft translation excerpt)
ICS 35.240
A90
Public Security Industry Standard of the People's Republic of China

Information security technology - Technical requirements for communication exchange of computer network intrusion alarms

Issued 2007-05-14, implemented 2007-07-01
Issued by the Ministry of Public Security of the People's Republic of China

Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Operating environment
4.1 System structure
4.2 Operating requirements for the network intrusion detection system
4.2.1 Information processing function
4.2.2 Information reporting function
4.2.3 Data storage function
5 Data exchange interface element definitions
5.1 Basic data types
5.2 Basic attribute description
5.3 Alarm interface element definitions
5.3.1 Alarm element definition
5.3.2 Alert element definition
5.3.3 HeartBeat element definition
5.3.4 Analyzer element definition
5.3.5 Unit element definition
5.3.6 Node element definition
5.3.7 Address element definition
5.3.8 Source element definition
5.3.9 Target element definition
5.3.10 MatchRecord element definition
5.3.11 AlertLevel element definition
5.3.12 Impact element definition
5.3.13 Classification element definition
5.3.14 CImpact element definition
5.3.15 AdditionalData element definition
5.3.16 StatRecord element definition
5.3.17 Status element definition
6 Data interchange storage format
6.1 Format description table
6.2 Description
7 Reported file naming conventions
7.1 Naming format
7.2 Example
8 Alarm process
8.1 Online alarm process
8.2 Offline alarm process
9 Data interface description document

Foreword
This standard was proposed by the Public Information Network Security Supervision Bureau of the Ministry of Public Security.
This standard is under the jurisdiction of the Information System Standardization Technical Committee of the Ministry of Public Security.
Drafting organizations of this standard: Computer Information System Security Product Quality Supervision and Inspection Center of the Ministry of Public Security; Shanghai Jinnuo Network Security Technology Development Co., Ltd.; Beijing in the dot com Wei Information Technology Co., Ltd.; Beijing Venus Information Technology Co., Ltd.; Beijing Yung-based Network Security Technology Limited.
Drafters of this standard: Shen Liang, Gu Jian, Ding Ding, Xiao Jiang, Xuqiu Fen, Zhu Xiang generations.

Information security technology - Technical requirements for communication exchange of computer network intrusion alarms

1 Scope
This standard specifies the interface element definitions, storage format, naming conventions and alarm reporting process between a network-based intrusion detection system and the alarm disposal system. It applies to the development and construction of alarm disposal systems; developers and integrators of such systems may refer to it.

2 Normative references
The following documents contain provisions which, through reference in this standard, become provisions of this standard. For dated references, subsequent amendments (excluding corrigenda) or revisions do not apply to this standard; however, parties to agreements based on this standard are encouraged to investigate whether the latest editions of these documents can be applied. For undated references, the latest edition applies to this standard.
GB/T 2260 Codes for the administrative divisions of the People's Republic of China
GB 2312-1980 Code of Chinese graphic character set for information interchange - Primary set
GB 18030-2000 Information technology - Chinese coded character set for information interchange - Extension for the basic set
GA/Z 02-2005 Code set of basic data elements for public security business
GA/T 700-2007 Information security technology - Grading requirements for computer network intrusion

3 Terms and definitions
3.1 Network intrusion detection system
A product suite that monitors network packets to detect attempts by malicious users, or by legitimate users misusing their access, to enter the system. A network intrusion detection system may run on the target machine and monitor that machine's communications, or run on a separate machine in promiscuous mode and monitor all network communications. This standard covers network-based intrusion detection systems (NIDS) and does not cover host-based intrusion detection systems (HIDS).
3.2 Alarm disposal system
A unified platform that handles alarms from the various business systems and includes the front-end data transmission interface for intrusion detection equipment. This standard deals with the front-end receiving part of the alarm disposal system.
3.3 Information reported by a network-based intrusion detection system to the remote interface of the alarm disposal system. Reported data shall conform to the data format requirements of this standard.

4 Operating environment
4.1 System structure
The system structure consists of a network-based intrusion detection system and the remote interface of the alarm disposal system. The network intrusion detection system identifies and handles network behaviour, matches rules and raises alarms; the remote interface of the alarm disposal system receives the reported alarm data and collects and aggregates the information. This is shown in Figure 1.